DETAILED ACTION



1. Claims 1-20 are pending.



Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent 
or (2) a patent granted on an application for patent by another filed in the United States 
before the invention by the applicant for patent, except that an international application 
filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the 
English language. 

2. Claims 1-20 are rejected under 35 U.S.C. 102(e) as being
unpatentable by Scherr et al. (US 7,134,133).

As per claim 1:

Scherr discloses a method of managing authorization tokens within a 
computer system comprising: 

creating a master owner token indicating full ownership of a resource
within the computer system by a management environment; (col.7, lines
40-50; the claimed resource can broadly be interpreted as the data access
manager (e.g. network switch) as discussed by Scherr where a master
token identifies the data manager (col.7, lines 63-65). The data access
manager includes a processor and a memory (col.6, lines 56-58).)

creating at least one delegate owner token for a delegated environment;
(col.6, lines 49-50 and col.7, lines 18-21; Scherr discloses a host token is
the claimed delegate owner that identifies the host in request sent to
authorize access to data (col.5, lines 49-50). The claimed delegated
environment can broadly be interpreted as components, computer,
systems, etc.)

communicating the delegate owner token to the delegated environment 
and to the resource; and (col.5, lines 50-54) 

allowing access to the resource by the delegated environment when the 
delegated environment presents a valid delegate owner token to the resource, 
(col. 13, lines 23-35 and col. 14, lines 49-65) 

As per claim 2: See col.8, lines 34-37; discloses the method of claim 1, 
further comprising storing the master owner token in a secure storage within 
the computer system. 

As per claim 3: See col.8, lines 22-30; discloses the method of claim 1,
wherein the resource comprises a trusted platform module.

As per claim 4: See col.5, lines 50-54; discloses the method of claim 1,
wherein the management environment assigns a delegate owner token to a
delegated environment by sealing the delegate owner token to the delegated
environment.

As per claim 5: See col.7, lines 64-65; discloses the method of claim 1,
wherein the master owner token indicates the management environment can
change at least one of the master owner token and a delegate owner token.

As per claim 6: See col.5, lines 31-36; discloses the method of claim 1,
further comprising launching the management environment before launching
the delegated environment.

As per claim 7: See col.8, lines 22-25 and 62-64; discloses the method of 
claim 1, further comprising storing the delegate owner token in an access
control list in the resource. 

As per claim 8: See col.12, lines 41-49; discloses the method of claim 1,
further comprising removing, by the management environment, a delegate
owner token from the access control list and adding a different delegate owner
token to the access control list.

As per claim 9:

Scherr discloses an article comprising: 

a storage medium having a plurality of machine readable instructions, 
wherein when the instructions are executed by a processor, the instructions 
provide for managing authorization tokens within a computer system by 
creating a master owner token indicating full ownership of a resource within 
the computer system by an administrative environment; (col.7, lines 40-50;
the claimed resource can broadly be interpreted as the data access
manager (e.g. network switch) as discussed by Scherr where a master
token identifies the data manager (col.7, lines 63-65). The data access
manager includes a processor and a memory (col.6, lines 56-58).)

creating at least one delegate owner token for an environment; (col.6,
lines 49-50 and col.7, lines 18-20; Scherr discloses a host token is the
claimed delegate owner that identifies the host in request sent to 
authorize access to data (col.5, lines 49-50). The claimed delegated 
environment can broadly be interpreted as components, computer, 
systems, etc.) 

communicating the delegate owner token to the environment and to the 
resource; and (col.5, lines 50-54) 

allowing access to the resource by the environment when the 
environment presents a valid delegate owner token to the resource, (col. 13, 
lines 23-35 and col. 14, lines 49-65) 

As per claim 10: See col.8, lines 34-37; discloses the article of claim 9, 
further comprising instructions for storing the master owner token in a secure 
storage within the computer system. 

As per claim 11: See col.8, lines 22-30; discloses the article of claim 9,
wherein the resource comprises a trusted platform module.

As per claim 12: See col.5, lines 50-54; discloses the article of claim 9,
wherein the management environment assigns a delegate owner token to a
delegated environment by sealing the delegate owner token to the delegated
environment.

As per claim 13: See col.7, lines 64-65; discloses the article of claim 9,
wherein the master owner token indicates the management environment can
change at least one of the master owner token and a delegate owner token.

As per claim 14: See col.5, lines 31-36; discloses the article of claim 9,
further comprising instructions for launching the management environment
before launching the environment.

As per claim 15: See col.8, lines 22-25 and 62-64; discloses the article of
claim 9, further comprising instructions for storing the delegate owner token in 
an access control list in the resource. 

As per claim 16: See col.12, lines 41-49; discloses the article of claim 9,
further comprising instructions for removing, by the management environment,
a delegate owner token from the access control list and adding a different
delegate owner token to the access control list.

As per claim 17:

Scherr discloses a computer system comprising: 

a plurality of environments; 

a management environment to create a master owner token indicating 
full ownership of a resource within the computer system (col. 7, lines 40-50; 
the claimed resource can broadly be interpreted as the data access 
manager (e.g. network switch) as discussed by Scherr where a master 
token identifies the data manager (col.7, lines 63-65). The data access
manager includes a processor and a memory (col.6, lines 56-58).),

to create a plurality of delegate owner tokens indicating partial
ownership of the resource (col.6, lines 49-50 and col.7, lines 18-20; Scherr
discloses a host token is the claimed delegate owner that identifies the
host in request sent to authorize access to data (col.5, lines 49-50). The
claimed delegated environment can broadly be interpreted as
components, computer, systems, etc.); and

to communicate a selected one of the delegate owner tokens to a selected 
one of the plurality of environments and to the resource; (col.5, lines 50-54) 

wherein the resource stores delegate owner tokens received from the 
management environment and allows access to the resource by the selected 
environment when a valid delegate owner token is presented to the resource by 
the selected environment. (col.13, lines 23-35 and col.14, lines 49-65)

As per claim 18: See col.8, lines 34-37; discloses a computer system of
claim 17, further comprising a secure storage to store the master owner token.

As per claim 19: See col.8, lines 22-30; discloses the computer system of
claim 17, wherein the resource comprises a trusted platform module.

As per claim 20: See col.5, lines 50-54; discloses the computer system of
claim 19, wherein the trusted platform module comprises an access control list 
for storing the delegate owner tokens received from the management 
environment. 
Conclusion



Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to LEYNNA T. HA whose telephone 
number is (571) 272-3851. The examiner can normally be reached on Monday 
- Thursday (7:00 - 5:00PM). 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on (571) 272-3859. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the
Private PAIR system, contact the Electronic Business Center (EBC) at
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer
Service Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.